Subscription to the full report on a daily basis can be obtained:
Send an eMail to dhsdailyadmin@mail.dhs.osis.gov with the subject "DHS Daily Open Source Infrastructure Report" and the following line in the body...subscribe.
To obtain a complete copy of the current report proceed to the DHS link below.
To obtain reports more than 10 business days old, send an eMail to DHS_Reports@e-computer-security.com. Be specific as to the reports you wish to receive.

• Berkshire Power Company LLC, Power Plant Management Services,
and the Wood Group agreed to pay about $8.5 million March 30 for improperly
reporting data about emissions and tampering with equipment that monitors air
pollution at a power plant in Agawam, Massachusetts. – WWLP 22 Springfield

2. March 30,
WWLP 22 Springfield – (Massachusetts) Power plant owner, managers to pay $8.5M for
falsely reporting on pollution. The U.S. Department of Justice and
Massachusetts officials reported March 30 that Berkshire Power Company LLC,
Power Plant Management Services, and the Wood Group will pay about $8.5 million
in criminal and civil penalties for conspiring to violate the Clean Air Act at
the Berkshire Power plant in Agawam by improperly reporting data about
emissions and tampering with equipment that monitors air pollution. Prosecutors
allege that Berkshire Power and Power Plant Management Services encouraged
employees with the Wood Group, a company hired to run daily plant operations,
to tamper with equipment while Berkshire Power and Power Plant Management
Services submitted the skewed data to the U.S. Environmental Protection Agency
and Massachusetts Department of Environmental Protection. Source: http://wwlp.com/2016/03/30/power-plant-owner-managers-to-pay-8-5m-for-falsely-reporting-on-pollution/

• Volkswagen AG issued a recall April 1 for approximately 91,000
of its model years 2012 – 2014 Passat vehicles due to improperly assembled wire
seals which can allow water to contact the electrical terminals and short. – Associated
Press

4. April 1,
Associated Press – (National) VW recalls diesel Passats; wiring trouble can
cause fires. Volkswagen AG issued a recall April 1 for approximately 91,000
of its model years 2012 – 2014 Passat vehicles equipped with diesel engines
after Volkswagen factory workers reported underbody fires due to improperly
assembled wire seals in an electrical connector which can allow water to
contact the electrical terminals and short, thereby causing a fire to ignite
under the vehicle. Source: http://www.startribune.com/vw-recalls-diesel-passats-wiring-trouble-can-cause-fires/374249701/

• A gunman was shot and killed by two Virginia State Police
troopers after he shot and killed another trooper at a Greyhound bus station in
Richmond March 31, prompting the bus station’s indefinite closure. – WVEC 13
Hampton; Associated Press

9. April 1,
WVEC 13 Hampton; Associated Press – (Virginia) Trooper shot at
Richmond, Va., bus station dies. A gunman was shot and killed by two
Virginia State Police troopers after he shot and killed another trooper at a
Greyhound bus station in Richmond, Virginia, March 31, prompting the bus
station’s indefinite closure while authorities investigate the incident. Two
civilians were also injured and officials reported that troopers were
participating in drug interdiction training at the bus station during the
shooting. Source: http://www.usatoday.com/story/news/2016/03/31/reports-active-shooter-richmond-bus-station/82477794/

• Terminix International Company LP and its U.S. Virgin Islands
operation agreed to pay $10 million March 29 after the companies illegally
applied fumigants with methyl bromide in multiple locations in the U.S. Virgin
Islands. – U.S. Department of Justice

17. March 31,
U.S. Department of Justice – (U.S. Virgin Islands) Terminix companies
agree to pay $10 million for applying restricted-use pesticide to residences in
the U.S. Virgin Islands. The U.S. Department of Justice and U.S.
Environmental Protection Agency announced March 29 that Terminix International
Company LP (Terrminix LP) and its U.S. Virgin Islands operation, Terminix
International USVI LLC (Terrminix, USVI) were charged with violating the
Federal Insecticide, Fungicide, and Rodenticide Act after the companies
illegally applied fumigants with methyl bromide in multiple residential
locations in the U.S. Virgin Islands from September 2012 – March 2015, causing
four people to fall seriously ill in 2015. Terrminix LP and Terrminix, USVI
will be required to pay a total of $10 million in criminal fines, community
service, and restitution payments, and the companies will be required to cease
its use of pesticides containing methyl bromide in the U.S. and its
territories. Source:
https://www.justice.gov/opa/pr/terminix-companies-agree-pay-10-million-applying-restricted-use-pesticide-residences-us

Financial Services Sector

6. April 1,
WLNS 6 Lansing – (International) Four arrested in Calhoun County for allegedly
possessing over 100 fraudulent credit cards. Authorities from the Calhoun
County Sheriff’s Office in Michigan announced April 1 that 4 Chicago-area
residents were arrested the week of March 28 after police found about 150
fraudulent credit cards from other countries in the group’s vehicle. Police
were alerted to the suspects’ vehicle after a gas station attendant notified
the police about possible credit card fraud. Source: http://wlns.com/2016/04/01/four-arrested-in-calhoun-county-for-allegedly-possessing-over-100-fraudulent-credit-cards/

20. April 1,
SecurityWeek – (International) Code execution flaw found in Lhasa
decompression library. Lhasa released version 0.3.1 for its open source
tool and library product addressing an integer underflow vulnerability after
Cisco TALOS researchers found hackers could exploit the flaw for arbitrary code
execution by tricking victims into opening a specially crafted file, as well as
through file scanning systems that leverage the vulnerable library to read the
content of LZH and LHA files. Source: http://www.securityweek.com/code-execution-flaw-found-lhasa-decompression-library

22. March 31,
Softpedia – (International) SideStepper attack targets corporate iOS
devices. Security researchers from Check Point discovered a new attack
method dubbed SideStepper that targets Apple iOS devices used in enterprise
environments and are enrolled in Mobile Device Management (MDM) setups, which
could allow attackers to bypass iOS security protections and install malware on
a device by sending a malicious configuration profile via email, instant
messaging (IM), or short message service (SMS) to the device, through the use
of a legitimate enterprise certificate to install malicious apps via a trivial
Man-in-the-Middle (MitM) attack. Source: http://news.softpedia.com/news/sidestepper-attack-targets-corporate-ios-devices-502422.shtml

Links

About Me

U.S. Army Retired Chief Warrant Officer with more than 40 years in information technology and 35 years in information security. Became a Certified Information Systems Security Professional in 1995 and have taught computer security in Asia, Canada and the United States. Wrote a computer security column for 5 years in the 1980s titled "for the Sake Of Security", penname R. E. (Bob) Johnston, which was published in Computer Decisions.
Motto: "When entrusted to process, you are obligated to safeguard"